Add "Manage Security Policy Links" as customizable permission
Release notes
The default role Owner is required to manage and assign security policies, which can lead to an over-privileged user. With the release of this permission, you can create a custom role and set the permission to enable least-privileged access.
Background
Today, a user must be a project or group owner to assign and link a security policy.
This results in teams escalating a security engineer to Owner at the group or project level.
Proposal and User Experience
- When creating a role, any base role can be selected. A new permission labeled "Manage Security Policy Links" is available and can be selected.
- This permission (admin_security_policy_links) gives the user the ability to:
  - Assign and unassign security policy links at the group or project level.
API for reference
- https://docs.gitlab.com/ee/api/graphql/reference/#mutationsecuritypolicyprojectassign
- https://docs.gitlab.com/ee/api/graphql/reference/#mutationsecuritypolicyprojectunassign
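As an added example (not code from the GitLab issue or the GitLab code base), the following script exercises the two mutations referenced above from a caller holding a custom role with this permission, and classifies the response so a reviewer can confirm that a user without the permission is denied. The mutation names and the fullPath / securityPolicyProjectId arguments follow the linked GraphQL reference; the endpoint path, the group and project paths, the project global ID, the token, and the sample responses are constructed for the example.

```python
import json
import urllib.request

GRAPHQL_PATH = "/api/graphql"  # GitLab GraphQL endpoint path (assumed standard)


def build_assign_mutation(full_path: str, policy_project_gid: str) -> str:
    """Build the securityPolicyProjectAssign mutation for a group or project.

    full_path is "group/subgroup" or "group/project"; policy_project_gid is the
    global ID of the security policy project (gid://gitlab/Project/<id>).
    Values are embedded as JSON string literals, which are also valid GraphQL
    string literals, so no separate variables object is needed.
    """
    return (
        "mutation { securityPolicyProjectAssign(input: {"
        f"fullPath: {json.dumps(full_path)}, "
        f"securityPolicyProjectId: {json.dumps(policy_project_gid)}"
        "}) { errors } }"
    )


def build_unassign_mutation(full_path: str) -> str:
    """Build the securityPolicyProjectUnassign mutation (only fullPath is needed)."""
    return (
        "mutation { securityPolicyProjectUnassign(input: {"
        f"fullPath: {json.dumps(full_path)}"
        "}) { errors } }"
    )


def interpret_response(body: dict, mutation_name: str) -> tuple[str, list[str]]:
    """Classify a GraphQL response for one of the mutations above.

    Returns (status, messages) where status is:
      "success"  - mutation ran and reported no errors
      "rejected" - mutation ran but GitLab returned field-level errors
      "denied"   - top-level GraphQL errors and no mutation payload, which is
                   what a caller lacking the permission (or using a wrong path)
                   sees; the API does not distinguish the two cases
    """
    top_level = [e.get("message", "") for e in body.get("errors", [])]
    payload = (body.get("data") or {}).get(mutation_name)
    if payload is None:
        return "denied", top_level
    field_errors = list(payload.get("errors") or [])
    if field_errors:
        return "rejected", field_errors
    return "success", []


def run_mutation(base_url: str, token: str, query: str) -> dict:
    """POST a mutation to a GitLab instance (network call; not used offline)."""
    req = urllib.request.Request(
        base_url.rstrip("/") + GRAPHQL_PATH,
        data=json.dumps({"query": query}).encode(),
        headers={
            "Content-Type": "application/json",
            "Authorization": f"Bearer {token}",  # token of the custom-role user
        },
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


# Constructed sample responses in the shape the GraphQL API returns.
SAMPLE_SUCCESS = {"data": {"securityPolicyProjectAssign": {"errors": []}}}
SAMPLE_DENIED = {
    "errors": [{"message": "permission denied (constructed sample message)"}],
    "data": {"securityPolicyProjectAssign": None},
}
SAMPLE_REJECTED = {
    "data": {"securityPolicyProjectAssign": {"errors": ["policy project not found (constructed)"]}}
}

if __name__ == "__main__":
    query = build_assign_mutation("example-group/app", "gid://gitlab/Project/123")
    print(query)
    for label, sample in (("success", SAMPLE_SUCCESS), ("denied", SAMPLE_DENIED), ("rejected", SAMPLE_REJECTED)):
        print(label, interpret_response(sample, "securityPolicyProjectAssign"))
```

A practical check for this permission is to run the same assign mutation twice, once with a token for a user in the custom role and once with a token for a user on the base role alone, and confirm the first classifies as "success" and the second as "denied".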
Views and workflows include:
- Base + permission: can see Group or Project -> Secure -> Policies -> Edit Policy Project button
- Base + permission: can see Group or Project -> Policies -> Edit Policy Project modal to assign or unassign
Documentation
- Permission Title: "Manage Security Policy Links"
- Permission Description: Assign and unassign Security Policy Links for a group or project.
- Update the prerequisites for linking a security policy project.
Evidence
Edited by Joe Randazzo